How Bithumb hack could have been avoided

South Korean largest exchange bithumb has been attacked, and more than $19 million in EOS and XRP tokens have been stolen. The company released a press note on March 29th announcing the attack ,and stating the detection of “abnormal withdrawal” of the company’s cryptocurrency assets.

The attack has allegedly targeted company’s hot wallets. Bithumb also stated in its press note that an internal investigation makes them suspect that this has been an inside job. This is the second hack that the exchange suffers in less than a year, suggesting that the security measures were not strict enough.

This attack could be conducted because essential security measures for a cryptocurrency exchange were not in place. Here is an explanation of some of the problems that allowed the attack to bithumb exchange, followed below by how these could have been avoided:

Large amount of cryptocurrency was stored in hot wallets: To start, reports indicate that the fund withdrawal was performed from the company’s hot wallets. Hot wallets are vulnerable to hacks since they are connected to Internet. The amount of funds stored in hot wallets should be limited to the minimum needed for the exchange daily operations, placing the largest part of the assets in a safer storage.

Lack of wallet policies allowed to make large fund transfers: As highlighted by some users, at least $13 million were withdrawn in a single transaction to an unknown address. This could have been avoided by placing strict transaction policies limiting the amount of funds that can be withdrawn at once, and at the same time, implementing an address white-list method to avoid withdrawals to non-approved addresses.

Capture of the withdrawal of more than $13 million in EOS in a single transaction

Lack of a strict approval process facilitated the malicious withdrawals: The attacker was allegedly able to withdraw such a large amount of funds without the approval or confirmation of any other party within the company. The exchange was only able to detect the malicious fund transfer after the transaction was already executed and the funds gone.

Single point of failure: Bithumb’s attack could be executed because the malicious user was able to sign transactions by himself using the wallet’s private key, highlighting that the system was not robust enough to avoid the situation where a single user could access and use the private key without any other party involved.

This attack could have been avoided with proper protection measures in place, such a set of strict transaction policies, a well defined approval chain requiring at least two parties’ confirmation, or a system design limiting the access to the private keys to bithumb employees.

Enterprise wallet solutions such as CYBAVO VAULT are designed to securely store and manage cryptocurrencies at a corporate level and address all the previous problems.

CYBAVO’s institutional wallet is a secure private key storage and wallet management system offering protection for cryptocurrency exchanges, token issuers or digital asset managers. CYBAVO VAULT robust security features can avoid attacks such as the one bithumb just suffered.

CYBAVO VAULT offers the protection of cold storage and the convenience and ease of use of hot wallets. It allows to create multiple cryptocurrency wallets, and to define a series of policies to rule each of those wallets.

CYBAVO VAULT Wallet Policies Configuration

When a wallet is created in CYBAVO VAULT, these policies need to be defined:

Transaction limit: The maximum transfer amount and maximum number of withdrawals that can be sent daily from a wallet.

Address whitelist: Every withdrawal address must be previously registered and included in the wallet policy.

User roles: Each wallet supports different user roles with different permissions: wallet creator, operator, transaction approver and auditor. Only those users with the operator role will be able to initiate transactions. Whenever a transaction is performed, or whenever there are changes in the transaction policies, all auditors will be immediately notified, being able to quickly detect and mitigate any malicious behavior.

Transaction approval chain: When creating a wallet, a transaction approval chain must be defined. CYBAVO VAULT supports multi-level, M-of-N approval, threshold approval chain. After the approval chain is properly configured, when a wallet operator requests a transaction, this will have to go the complete approval chain before being published to the blockchain.

Example of Transaction Approval Chain with CYBAVO VAULT

Defining these policies correctly is the key to drastically reduce the risk of both external or internal attacks. All these policies are enforced before any transaction is executed. CYBAVO VAULT is also able to detect if the policies ruling a wallet have been tampered before a transaction is executed, stopping the withdrawal and notifying all the involved parties in the positive case.

CYBAVO VAULT robust encryption scheme involves three different parties for sealing the private key. It is designed in such a way that no unauthorized exchange employee or any CYBAVO employee can decrypt the private key by himself. In this shared risk model, only a combination of the three parties involved (wallet operator, exchange and CYBAVO) can decrypt the private key, eliminating the risk of a single point of failure.

CYBAVO VAULT shared risk model removes single point of failure

Bithumb’s attack shows how cryptocurrency exchanges are exposed, not only to external threats but also internal attacks, if they do not take enough measures to protect their customer’s and their own digital assets. Secure cryptocurrency storage solutions like CYBAVO VAULT can help providing this protection for institutional customers, reducing the risks and optimizing the management workflow of their wallets.

Learn more about CYBAVO security products for enterprise at www.cybavo.com.